UK critical national infrastructure (CNI) is at risk of cyber attack, says a report by engineering consultancy Atkins.

Data available from online media – such as blogs, social networking sites and specialist publications – could be used to mount a cyber attack on UK infrastructure, according to the report commissioned by the Institution of Engineering and Technology (IET).

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

“Key information regarding vulnerabilities in company systems is now openly available from a range of sources on the internet,” said the report, entitled Using Open Source Intelligence to Improve ICS & SCADA Security.

The research, published at the IET’s Cyber Security for Industrial Control Systems seminar in London, found many industrial sector websites and academic papers provide information which identifies CNI-related staff and their social media information.

Known vulnerabilities and exploits against specific types of control systems can also be accessed online, the report said, along with the identification of third parties such as contractors, who have detailed knowledge and physical network access.

Richard Piggin, head of control systems security consulting at Atkins, said: “To illustrate the increased threat to industrial control systems, the assessment used freely available tools to demonstrate the identification of networked control systems, their vulnerabilities – and the exploits that may be used to attack them.

“The research demonstrates the low level of technical knowledge that is required to successfully mount an attack against industrial control systems.”

According to Piggin, the research findings highlight the necessity to manage third parties, especially their access and activities while onsite.

“In the control system context, suitable access control, including role-based access to software and systems with activity logging is recommended,” said Piggin.

The IET said the UK is one of the most internet-based major economies and, while this provides the basis for industry to expand and grow, it is essential connections between the internet and industrial control systems are protected adequately.

In the light of the research findings – that open source tools makes it easier to locate and attack or interfere with poorly protected control systems – the IET said it is essential to raise awareness of the issue and promote the development of suitably skilled cyber security professionals.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy